Kode sumber untuk django.contrib.auth

importinspectimportreimportwarningsfromdjango.appsimportappsasdjango_appsfromdjango.confimportsettingsfromdjango.core.exceptionsimportImproperlyConfigured,PermissionDeniedfromdjango.middleware.csrfimportrotate_tokenfromdjango.utils.cryptoimportconstant_time_comparefromdjango.utils.deprecationimportRemovedInDjango21Warningfromdjango.utils.module_loadingimportimport_stringfromdjango.utils.translationimportLANGUAGE_SESSION_KEYfrom.signalsimportuser_logged_in,user_logged_out,user_login_failedSESSION_KEY='_auth_user_id'BACKEND_SESSION_KEY='_auth_user_backend'HASH_SESSION_KEY='_auth_user_hash'REDIRECT_FIELD_NAME='next'defload_backend(path):returnimport_string(path)()def_get_backends(return_tuples=False):backends=[]forbackend_pathinsettings.AUTHENTICATION_BACKENDS:backend=load_backend(backend_path)backends.append((backend,backend_path)ifreturn_tupleselsebackend)ifnotbackends:raiseImproperlyConfigured('No authentication backends have been defined. Does ''AUTHENTICATION_BACKENDS contain anything?')returnbackendsdefget_backends():return_get_backends(return_tuples=False)def_clean_credentials(credentials):""" Clean a dictionary of credentials of potentially sensitive info before sending to less secure functions. Not comprehensive - intended for user_login_failed signal """SENSITIVE_CREDENTIALS=re.compile('api|token|key|secret|password|signature',re.I)CLEANSED_SUBSTITUTE='********************'forkeyincredentials:ifSENSITIVE_CREDENTIALS.search(key):credentials[key]=CLEANSED_SUBSTITUTEreturncredentialsdef_get_user_session_key(request):# This value in the session is always serialized to a string, so we need# to convert it back to Python whenever we access it.returnget_user_model()._meta.pk.to_python(request.session[SESSION_KEY])

[docs]defauthenticate(request=None,**credentials):""" If the given credentials are valid, return a User object. """forbackend,backend_pathin_get_backends(return_tuples=True):try:user=_authenticate_with_backend(backend,backend_path,request,credentials)exceptPermissionDenied:# This backend says to stop in our tracks - this user should not be allowed in at all.breakifuserisNone:continue# Annotate the user object with the path of the backend.user.backend=backend_pathreturnuser# The credentials supplied are invalid to all backends, fire signal

user_login_failed.send(sender=__name__,credentials=_clean_credentials(credentials),request=request)def_authenticate_with_backend(backend,backend_path,request,credentials):credentials=credentials.copy()# Prevent a mutation from propagating.args=(request,)# Does the backend accept a request argument?try:inspect.getcallargs(backend.authenticate,request,**credentials)exceptTypeError:args=()credentials.pop('request',None)# Does the backend accept a request keyword argument?try:inspect.getcallargs(backend.authenticate,request=request,**credentials)exceptTypeError:# Does the backend accept credentials without request?try:inspect.getcallargs(backend.authenticate,**credentials)exceptTypeError:# This backend doesn't accept these credentials as arguments. Try the next one.returnNoneelse:warnings.warn("Update %s.authenticate() to accept a positional ""`request` argument."%backend_path,RemovedInDjango21Warning)else:credentials['request']=requestwarnings.warn("In %s.authenticate(), move the `request` keyword argument ""to the first positional argument."%backend_path,RemovedInDjango21Warning)returnbackend.authenticate(*args,**credentials)

[docs]deflogin(request,user,backend=None):""" Persist a user id and a backend in the request. This way a user doesn't have to reauthenticate on every request. Note that data set during the anonymous session is retained when the user logs in. """session_auth_hash=''ifuserisNone:user=request.userifhasattr(user,'get_session_auth_hash'):session_auth_hash=user.get_session_auth_hash()ifSESSION_KEYinrequest.session:if_get_user_session_key(request)!=user.pkor(session_auth_hashandnotconstant_time_compare(request.session.get(HASH_SESSION_KEY,''),session_auth_hash)):# To avoid reusing another user's session, create a new, empty# session if the existing session corresponds to a different# authenticated user.request.session.flush()else:request.session.cycle_key()try:backend=backendoruser.backendexceptAttributeError:backends=_get_backends(return_tuples=True)iflen(backends)==1:_,backend=backends[0]else:raiseValueError('You have multiple authentication backends configured and ''therefore must provide the `backend` argument or set the ''`backend` attribute on the user.')request.session[SESSION_KEY]=user._meta.pk.value_to_string(user)request.session[BACKEND_SESSION_KEY]=backendrequest.session[HASH_SESSION_KEY]=session_auth_hashifhasattr(request,'user'):request.user=userrotate_token(request)

user_logged_in.send(sender=user.__class__,request=request,user=user)

[docs]deflogout(request):""" Remove the authenticated user's ID from the request and flush their session data. """# Dispatch the signal before the user is logged out so the receivers have a# chance to find out *who* logged out.user=getattr(request,'user',None)ifhasattr(user,'is_authenticated')andnotuser.is_authenticated:user=Noneuser_logged_out.send(sender=user.__class__,request=request,user=user)# remember language choice saved to sessionlanguage=request.session.get(LANGUAGE_SESSION_KEY)request.session.flush()iflanguageisnotNone:request.session[LANGUAGE_SESSION_KEY]=languageifhasattr(request,'user'):fromdjango.contrib.auth.modelsimportAnonymousUser

request.user=AnonymousUser()

[docs]defget_user_model():""" Return the User model that is active in this project. """try:returndjango_apps.get_model(settings.AUTH_USER_MODEL,require_ready=False)exceptValueError:raiseImproperlyConfigured("AUTH_USER_MODEL must be of the form 'app_label.model_name'")exceptLookupError:raiseImproperlyConfigured("AUTH_USER_MODEL refers to model '%s' that has not been installed"%settings.AUTH_USER_MODEL

)

[docs]defget_user(request):""" Return the user model instance associated with the given request session. If no user is retrieved, return an instance of `AnonymousUser`. """from.modelsimportAnonymousUseruser=Nonetry:user_id=_get_user_session_key(request)backend_path=request.session[BACKEND_SESSION_KEY]exceptKeyError:passelse:ifbackend_pathinsettings.AUTHENTICATION_BACKENDS:backend=load_backend(backend_path)user=backend.get_user(user_id)# Verify the sessionifhasattr(user,'get_session_auth_hash'):session_hash=request.session.get(HASH_SESSION_KEY)session_hash_verified=session_hashandconstant_time_compare(session_hash,user.get_session_auth_hash())ifnotsession_hash_verified:request.session.flush()user=None

returnuserorAnonymousUser()defget_permission_codename(action,opts):""" Return the codename of the permission for the specified action. """return'%s_%s'%(action,opts.model_name)

[docs]defupdate_session_auth_hash(request,user):""" Updating a user's password logs out all sessions for the user. Take the current request and the updated user object from which the new session hash will be derived and update the session hash appropriately to prevent a password change from logging out the session from which the password was changed. """request.session.cycle_key()ifhasattr(user,'get_session_auth_hash')andrequest.user==user: